<%@ page language="java" import="java.sql.*"%>
<html>
<head><title>Read from mySQL Database</title>
</head>
<body>
<center>

<%
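	/**
	 * Best-effort blacklist filter that strips a few HTML/JavaScript patterns
	 * from a string before it is used as a query parameter.
	 *
	 * This is a pattern blacklist, not an HTML encoder: it is not a substitute
	 * for output encoding when a value is echoed into a page. On this page the
	 * filtered value is only bound to a PreparedStatement parameter.
	 */
	class XSSchecker
	{
		/**
		 * Returns {@code string} with script elements, javascript: URLs and
		 * elements carrying inline on* handlers removed (case-insensitive).
		 *
		 * @param string text to filter; {@code null} yields {@code null}
		 * @return the filtered text
		 */
		public String sanitize(String string)
		{
			if(string == null)
			{
				return null;
			}
			// String is immutable: replaceAll returns a new String, so the
			// result must be kept or the whole filter is a no-op.
			String cleaned = string.replaceAll("(?i)<script.*?>.*?</script.*?>", "");
			cleaned = cleaned.replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", "");
			cleaned = cleaned.replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", "");
			return cleaned;
		}
	}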

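       try
       {
		XSSchecker checker = new XSSchecker();

		// Session flags are compared with equals(): == on Strings is reference
		// identity and only works by accident when both sides are the same
		// interned literal.
		if("true".equals(session.getAttribute("logged_in")))
		{
			out.println("<p><h2>Logged In</p></h2>");
			if("administrator".equals(session.getAttribute("user_level")))
			{
				// NOTE(review): the delete below is triggered by a plain request
				// parameter with no CSRF token; a state-changing action should
				// require POST and a per-session token.
				String rawId = request.getParameter("id");
				String id = (rawId == null) ? null : checker.sanitize(rawId);

				// isEmpty() instead of == "": the container's parameter value is
				// not the interned literal, so the old identity check never fired.
				if(id == null || id.isEmpty())
				{
					out.println("<p><h1>You must select a screen !!</h1></p>");
					out.println("<a href=menu.jsp>Main Menu</a> ");
				}
				else
				{
					String DRIVER = "com.mysql.jdbc.Driver";
					Class.forName(DRIVER);

					// NOTE(review): database credentials are embedded in page source;
					// move them to a container-managed DataSource (JNDI) or an
					// access-controlled configuration file.
					String url="jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";

					Connection con=null;
					PreparedStatement ownerStmt=null;
					PreparedStatement presentationStmt=null;
					PreparedStatement screenStmt=null;
					PreparedStatement deleteStmt=null;
					try
					{
						con=DriverManager.getConnection(url);

						// The id is bound as a parameter; PreparedStatement, not the
						// XSSchecker blacklist, is what prevents SQL injection here.
						ownerStmt = con.prepareStatement("SELECT * FROM screen_owners WHERE screen_id = ?;");
						ownerStmt.setString(1, id);
						ResultSet rst0=ownerStmt.executeQuery();

						presentationStmt = con.prepareStatement("SELECT * FROM screen_presentations WHERE screen_id =  ?;");
						presentationStmt.setString(1, id);
						ResultSet rst1=presentationStmt.executeQuery();

						screenStmt = con.prepareStatement("SELECT * FROM screen WHERE id =  ?;");
						screenStmt.setString(1, id);
						ResultSet rst2=screenStmt.executeQuery();

						if(rst2.next())
						{
							if(rst0.next())
							{
								out.println("<p><h1>This screen belongs to some users, please reassign them before delete it!! </h1></p>");
								out.println("	<a href=manage_user.jsp>Manage User</a><br><br> ");
								out.println("  <a href=menu.jsp>Main Menu</a> ");
							}
							else if(rst1.next())
							{
								out.println("<p><h1>There are some presentations on this screen, please reassign them before delete it!! </h1></p>");
								out.println("	<a href=change_screen.jsp>Change Screen</a><br><br> ");
								out.println("  <a href=menu.jsp>Main Menu</a> ");
							}
							else
							{
								deleteStmt = con.prepareStatement("DELETE FROM `d562_2010_01`.`screen` WHERE id = ?;");
								deleteStmt.setString(1, id);
								deleteStmt.executeUpdate();

								out.println("<p><h1>The screen is Deleted!! </h1></p>");
								out.println("  <a href=menu.jsp>Main Menu</a> ");
							}
						}
						else
						{
							out.println("<p><h1>The screen is NOT in the database !! </h1></p>");
							out.println("  <a href=menu.jsp>Main Menu</a> ");
						}
					}
					finally
					{
						// Release JDBC resources on every path, including exceptions;
						// closing a Statement also closes its open ResultSet. Each
						// close is attempted even if an earlier one fails.
						Statement[] statements = { deleteStmt, screenStmt, presentationStmt, ownerStmt };
						for(int i = 0; i < statements.length; i++)
						{
							try
							{
								if(statements[i] != null)
								{
									statements[i].close();
								}
							}
							catch(SQLException closeError)
							{
								application.log("statement close failed", closeError);
							}
						}
						if(con != null)
						{
							con.close();
						}
					}
				}
			}
		}
		else
		{
			out.println("Not Logged In");
		}
	}
	catch(Exception e)
	{
		// Log the detail server-side; printing the exception to the browser
		// discloses driver, host and schema details to the requester.
		application.log("screen deletion failed", e);
		out.println("<p><h1>An error occurred while processing the request.</h1></p>");
		out.println("  <a href=menu.jsp>Main Menu</a> ");
	}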

%>
</center>
</body>
</html>